Hackers Using iCloud's Find My iPhone Feature to Remotely Lock Macs and Demand Ransom Payments

Over the last day or two, several Mac users appear to have been locked out of their machines after hackers signed into their iCloud accounts and initiated a remote lock using Find My iPhone.

With access to an iCloud user's username and password, Find My iPhone on iCloud.com can be used to "lock" a Mac with a passcode even with two-factor authentication turned on, and that's what's going on here.


Apple allows users to access Find My iPhone without requiring two-factor authentication in case a person's only trusted device has gone missing.

2-factor authentication not required to access Find My iPhone and a user's list of devices.

Affected users who have had their iCloud accounts hacked are receiving messages demanding money for the passcode to unlock a locked Mac device.


The usernames and passwords of the iCloud accounts affected by this "hack" were likely found through various site data breaches and have not been acquired through a breach of Apple's servers.

Impacted users likely used the same email addresses, account names, and passwords for multiple accounts, allowing people with malicious intent to figure out their iCloud details.

It's easy to lock a Mac with a passcode in Find My iPhone if you have someone's Apple ID and password.

To prevent an issue like this, Apple users should change their Apple ID passwords, enable two-factor authentication, and never use the same password twice. Products like 1Password, LastPass, and even Apple's own iCloud Keychain are ideal ways to generate and store new passwords for each and every website.


Users who have had their Macs locked will need to get in contact with Apple Support for assistance with removing the Find My iPhone lock.

(Thanks, Eli!)

Top Rated Comments

(View all)
Avatar
37 months ago
Meh, this is why things live on external drives. If I lost or had my laptop stolen, I'd wipe it and be back up and running in 25 minutes without the hassle.
Score: 19 Votes (Like | Disagree)
Avatar
37 months ago
Nice job MR. I only emailed them about this 4 weeks ago and asked that they run a story to inform people that this was going on.

I also emailed Apple about the issue with a simple suggestion. What they need to do is to require the device password when you try to lock a device from Find My iPhone on the web. When you go to remote lock a device you enter a lock passcode and the device's password or passcode. When that is sent to the Mac, iPhone, whatever, if the device password doesn't match, it won't lock the device. That way, even if a hacker guesses your Apple ID and password using hacked credentials, they still can't lock the device without the Mac's login.
Score: 17 Votes (Like | Disagree)
Avatar
37 months ago
Yup, this happened to me back in June when I installed beta 1 of MacOS High Sierra. Frustrating and embarrassing when your an IT engineer and your own device gets hacked! Had to bring it to Apple and provide proof of ownership before they would remove the lock.

And always use 2Factor. I don’t buy the second tweet about someone getting hacked with having 2FA enabled. Even if they could guess your password and the security code, your trusted device would still get a notification and you could block access.

I had 2 factor enabled, saw that someone was trying to access my account, denied them, and still had my account locked.
Score: 11 Votes (Like | Disagree)
Avatar
37 months ago
Macurmors quote:

"Impacted users likely used the same email addresses, account names, and passwords for multiple accounts, allowing people with malicious intent to figure out their iCloud details."

And this is exactly why I reconfigure all my passwords for my accounts on a regular basis. Stagnancy can be part of the problem.
Score: 10 Votes (Like | Disagree)
Avatar
37 months ago
MacRumors, why are you recommending two-factor authentication if you then go onto say you can access Find My iPhone without needing 2FA??

Here's a better recommendation: turn off Find My Mac until Apple correct course and Find My iPhone requires 2FA.
Score: 10 Votes (Like | Disagree)
Avatar
37 months ago
I liked how he said "y'all"

"y'all come back now ! yah hear?!"
Score: 6 Votes (Like | Disagree)

Top Stories

Apple Warns Against Closing MacBooks With a Cover Over the Camera

Friday July 10, 2020 11:12 am PDT by
Apple this month published a support document that warns customers against closing their Mac notebooks with a cover over the camera as it can lead to display damage. Image via Reddit Apple says that the clearance between the display and the keyboard is designed to very tight tolerances, which can be problematic. Covering the camera can also cause issues with automatic brightness and True Tone....

iPhone 12 Sizes Compared with iPhone SE, 7, 8, SE 2, X, 11, 11 Pro and 11 Pro Max [Update]

Tuesday July 7, 2020 6:49 pm PDT by
Apple is planning on launching the iPhone 12 this fall which is rumored to be coming in 3 different sizes: 5.4", 6.1" and 6.7". The middle size (6.1") matches up with the currently shipping iPhone 11, but the other two sizes will be entirely new. Over the weekend, there was some excitement about how well the new 5.4" iPhone 12 compares to the original iPhone SE. Those who have been hoping...

Leaker: 'iPhone 12 Pro' to Come With 6GB of RAM

Friday July 10, 2020 1:59 am PDT by
Later this year, Apple is expected to release four OLED iPhones in three display sizes, including 5.4, 6.7, and two 6.1-inch models. Rumors suggest the 6.7-inch iPhone and one 6.1-inch model will be higher-end devices, and now leaker @L0vetodream has corroborated previous rumors about the internal specs of Apple's upcoming lineup. Rumors suggest Apple will use 5-nanometer A14 chips in its...

Apple Seeds First Betas of iOS 14 and iPadOS 14 to Public Beta Testers

Thursday July 9, 2020 10:14 am PDT by
Apple today seeded the first public betas of upcoming iOS and iPadOS 14 updates to its public beta testing group, two weeks after first providing the updates to developers after the WWDC keynote and a day after seeding the second developer betas. Public beta testers who have signed up for Apple's beta testing program can download the iOS/‌iPadOS‌ 14 updates over the air after installing ...

Apple Moving Forward on Semitransparent Lenses for Upcoming AR Headset

Friday July 10, 2020 7:24 am PDT by
Apple and Foxconn have reached a key milestone in the development of Apple's long-rumored augmented reality headset, with the semitransparent lenses for the device moving from prototype to trial production, reports The Information. Apple is developing the lenses on a single production line at a Foxconn factory in Chengdu in southwestern China, where most of Apple’s iPad production is...

Kuo: Apple Silicon Macs to Include 13-inch MacBook Pro and MacBook Air This Year, 14.1-inch and 16-inch MacBook Pro Models Next Year

Friday July 10, 2020 2:58 am PDT by
At last month's WWDC, Apple officially announced that its Mac computers will be transitioned from Intel x86 to homegrown Apple Silicon chips. Apple said it plans to deliver the first Apple Silicon Mac by the end of the year and complete the transition in about two years. According to Apple analyst Ming-Chi Kuo, a 13.3-inch MacBook Pro with a form factor similar to the current 13.3-inch...

Apple's Arm-Based Macs With Apple Silicon Chips Will Support Thunderbolt

Wednesday July 8, 2020 3:14 pm PDT by
Apple is working on Macs that use its custom Apple-designed Apple Silicon chips instead of Intel chips, but Apple has committed to continuing to support Thunderbolt, reports The Verge. In a statement, an Apple spokesperson said that Apple's upcoming machines will offer support for Intel's Thunderbolt USB-C standard. "Over a decade ago, Apple partnered with Intel to design and develop...

Everything New in iOS 14 Beta 2: New Calendar Icon, Files Widget and More

Tuesday July 7, 2020 11:38 am PDT by
Apple today released the second beta of iOS 14 to developers for testing purposes, tweaking and refining some of the features that are coming in the update. Below, we've rounded up all of the changes that we found in the second beta. - Calendar icon - There's a new Calendar app icon in iOS 14 beta 2, with the day of the week abbreviated rather than spelled out. - Clock icon - The clock...

Analyst Believes iPhone 12 Pricing Will Start $50 Higher Even Without EarPods or Charger in Box

Wednesday July 8, 2020 9:35 am PDT by
Despite multiple reports indicating that Apple will not include EarPods or a wall charger with iPhone 12 models this year, one analyst believes that pricing will still increase slightly compared to the iPhone 11 lineup. In a research note provided to MacRumors, analyst Jeff Pu forecasted that iPhone 12 pricing will start at $749 for a new 5.4-inch model, an increase of $50 over the base...

Hands-On With tvOS 14: Picture in Picture, 4K YouTube, HomeKit and More

Thursday July 9, 2020 12:48 pm PDT by
Apple at WWDC introduced a new version of tvOS, the software that's designed to run on the fourth and fifth-generation Apple TV models. tvOS updates are often more minor in scale than iOS, watchOS, and macOS updates, but tvOS 14 has some useful new features. Subscribe to the MacRumors YouTube channel for more videos. Apple in tvOS 13 introduced a Picture in Picture option for the Apple TV...